VIRY.CZ

Zdravim a prosim o pomoc, pravdepodopne nejaky zaskodnik mi prepsal nastaveni k pripojeni WiFi. Jedna se o otevrenou sit, ktera po pripojeni nabizela informacni stranku k odsouhlaseni podminek a "pripojeni" Ted se nic takoveho nedeje, a WiFi hlasi ze je bez internetu.(na mobilu jede)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by noreg (administrator) on LAPTOP-K63QHTUS (05-10-2016 13:32:42)
Running from C:\Users\noreg\Desktop
Loaded Profiles: noreg (Available Profiles: noreg)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(Viber Media S.Ã r.l.) C:\Users\noreg\AppData\Local\Viber\Viber.exe
(BitTorrent Inc.) C:\Users\noreg\AppData\Roaming\BitTorrent\BitTorrent.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(BitTorrent Inc.) C:\Users\noreg\AppData\Roaming\BitTorrent\updates\7.9.8_42577\utorrentie.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(BitTorrent Inc.) C:\Users\noreg\AppData\Roaming\BitTorrent\updates\7.9.8_42577\utorrentie.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ComArr s.r.o.) C:\RAAL\RTW8520\Klient\RTW8.exe
() C:\Users\noreg\Downloads\RogueKiller.exe
() C:\Users\noreg\AppData\Local\Temp\nsqA360.tmp\setupRogueKiller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\noreg\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16152792 2015-07-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-14] (Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-03-08] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937448 2015-08-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [Lenovo Smart Fingerprint] => C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [1761208 2015-06-19] (Lenovo)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
HKU\S-1-5-21-3839973971-3219976680-534560184-1001\...\Run: [PhotoMasterImportAgent] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe [675608 2016-03-17] (CyberLink Corp.)
HKU\S-1-5-21-3839973971-3219976680-534560184-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29635712 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-21-3839973971-3219976680-534560184-1001\...\Run: [Viber] => C:\Users\noreg\AppData\Local\Viber\Viber.exe [73298000 2016-09-13] (Viber Media S.Ã r.l.)
HKU\S-1-5-21-3839973971-3219976680-534560184-1001\...\Run: [Chromium] => c:\users\noreg\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-3839973971-3219976680-534560184-1001\...\Run: [BitTorrent] => C:\Users\noreg\AppData\Roaming\BitTorrent\BitTorrent.exe [2540232 2016-09-24] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-25] (AVAST Software)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3839973971-3219976680-534560184-1001] => 127.0.0.1:9666
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{37491919-ee35-4fcc-a915-4964431b88d7}: [DhcpNameServer] 192.168.255.1
Tcpip\..\Interfaces\{9e23454a-b2e6-4804-8383-7f5a5e65e872}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://es.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_38&param1=1&param2=f%3D1%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0CtAzyyEyB0BtByC0AtB0ByC0A0A0BtN0D0Tzu0StCyBtBzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyCyBzytC0D0A0BtGtD0Dzy0CtGtA0EyEtCtGyEyDtCtBtG0EyC0F0FyDyEyB0E0CyDtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyD0ByDyCyEtA0BtGyCtA0C0CtGyEzz0BtCtG0AtDtAtDtGtCzy0AzztBtC0AyCyC0D0CyC2QtN0A0LzuyE%26cr%3D987221598%26a%3Dwbf_fs_16_38%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://es.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_38&param1=1&param2=f%3D1%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0CtAzyyEyB0BtByC0AtB0ByC0A0A0BtN0D0Tzu0StCyBtBzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyCyBzytC0D0A0BtGtD0Dzy0CtGtA0EyEtCtGyEyDtCtBtG0EyC0F0FyDyEyB0E0CyDtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyD0ByDyCyEtA0BtGyCtA0C0CtGyEzz0BtCtG0AtDtAtDtGtCzy0AzztBtC0AyCyC0D0CyC2QtN0A0LzuyE%26cr%3D987221598%26a%3Dwbf_fs_16_38%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKU\S-1-5-21-3839973971-3219976680-534560184-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://es.search.yahoo.com/?type=502468&fr=spigot-yhp-ie
HKU\S-1-5-21-3839973971-3219976680-534560184-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3839973971-3219976680-534560184-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-3839973971-3219976680-534560184-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> DefaultScope {5D680AE4-4248-4E04-989D-31A82F1D77E1} URL = hxxps://es.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0CtAzyyEyB0BtByC0AtB0ByC0A0A0BtN0D0Tzu0StCyBtBzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyCyBzytC0D0A0BtGtD0Dzy0CtGtA0EyEtCtGyEyDtCtBtG0EyC0F0FyDyEyB0E0CyDtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyD0ByDyCyEtA0BtGyCtA0C0CtGyEzz0BtCtG0AtDtAtDtGtCzy0AzztBtC0AyCyC0D0CyC2QtN0A0LzuyE%26cr%3D987221598%26a%3Dwbf_fs_16_38%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {5D680AE4-4248-4E04-989D-31A82F1D77E1} URL = hxxps://es.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0CtAzyyEyB0BtByC0AtB0ByC0A0A0BtN0D0Tzu0StCyBtBzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyCyBzytC0D0A0BtGtD0Dzy0CtGtA0EyEtCtGyEyDtCtBtG0EyC0F0FyDyEyB0E0CyDtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyD0ByDyCyEtA0BtGyCtA0C0CtGyEzz0BtCtG0AtDtAtDtGtCzy0AzztBtC0AyCyC0D0CyC2QtN0A0LzuyE%26cr%3D987221598%26a%3Dwbf_fs_16_38%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {5D680AE4-4248-4E04-989D-31A82F1D77E1} URL = hxxps://es.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0CtAzyyEyB0BtByC0AtB0ByC0A0A0BtN0D0Tzu0StCyBtBzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyCyBzytC0D0A0BtGtD0Dzy0CtGtA0EyEtCtGyEyDtCtBtG0EyC0F0FyDyEyB0E0CyDtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyD0ByDyCyEtA0BtGyCtA0C0CtGyEzz0BtCtG0AtDtAtDtGtCzy0AzztBtC0AyCyC0D0CyC2QtN0A0LzuyE%26cr%3D987221598%26a%3Dwbf_fs_16_38%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> {5D680AE4-4248-4E04-989D-31A82F1D77E1} URL = hxxps://es.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0CtAzyyEyB0BtByC0AtB0ByC0A0A0BtN0D0Tzu0StCyBtBzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyCyBzytC0D0A0BtGtD0Dzy0CtGtA0EyEtCtGyEyDtCtBtG0EyC0F0FyDyEyB0E0CyDtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyD0ByDyCyEtA0BtGyCtA0C0CtGyEzz0BtCtG0AtDtAtDtGtCzy0AzztBtC0AyCyC0D0CyC2QtN0A0LzuyE%26cr%3D987221598%26a%3Dwbf_fs_16_38%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3839973971-3219976680-534560184-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://es.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Des%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0CtAzyyEyB0BtByC0AtB0ByC0A0A0BtN0D0Tzu0StCyBtBzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyCyBzytC0D0A0BtGtD0Dzy0CtGtA0EyEtCtGyEyDtCtBtG0EyC0F0FyDyEyB0E0CyDtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyD0ByDyCyEtA0BtGyCtA0C0CtGyEzz0BtCtG0AtDtAtDtGtCzy0AzztBtC0AyCyC0D0CyC2QtN0A0LzuyE%26cr%3D987221598%26a%3Dwbf_fs_16_38%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3839973971-3219976680-534560184-1001 -> {60A2D6C0-FB68-45F3-9CA4-5345FC1C97F8} URL = hxxps://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-09-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-25] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-25]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-09-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://es.search.yahoo.com/?type=502468&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://www.google.cz/"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default [2016-10-05]
CHR Extension: (Prezentace Google) - C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-12]
CHR Extension: (Dokumenty Google) - C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-12]
CHR Extension: (Disk Google) - C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-12]
CHR Extension: (YouTube) - C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-12]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-09-17]
CHR Extension: (Tabulky Google) - C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-12]
CHR Extension: (Booking.com for Chrome™) - C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2016-07-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-12]
CHR Extension: (Avast Online Security) - C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-25]
CHR Extension: (Backspace to go Back) - C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlffgllnjjkheddehpolbanogdeaogbc [2016-10-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-12]
CHR Extension: (Gmail) - C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-12]
CHR Extension: (Chrome Media Router) - C:\Users\noreg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-28]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3839973971-3219976680-534560184-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-25] (AVAST Software)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3035848 2016-09-15] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [596072 2015-11-03] (Intel Corporation)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (Lenovo)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [353384 2015-11-03] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [60752 2016-09-13] (Lenovo Group Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-17] (Microsoft Corporation)
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [86544 2016-07-13] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\Windows\system32\valWbioSyncSvc.exe [56848 2016-07-13] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 rtop; "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-25] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-24] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-25] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-13] (CyberLink)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-05-21] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-30] (Realtek )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-11] (Synaptics Incorporated)
R1 SMIDriver; C:\Windows\system32\DRIVERS\smi.sys [39488 2016-07-13] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-10-05] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-05 13:32 - 2016-10-05 13:33 - 00025363 _____ C:\Users\noreg\Desktop\FRST.txt
2016-10-05 13:32 - 2016-10-05 13:32 - 00000000 ____D C:\FRST
2016-10-05 13:29 - 2016-10-05 13:30 - 00112640 _____ (forum.viry.cz) C:\Users\noreg\Desktop\FRSTLauncher.exe
2016-10-05 13:28 - 2016-10-05 13:28 - 00112640 _____ (forum.viry.cz) C:\Users\noreg\Downloads\Nepotvrzeno 614209.crdownload
2016-10-05 13:25 - 2016-10-05 13:25 - 00112640 _____ (forum.viry.cz) C:\Users\noreg\Downloads\Nepotvrzeno 663432.crdownload
2016-10-05 13:25 - 2016-10-05 13:25 - 00112640 _____ (forum.viry.cz) C:\Users\noreg\Downloads\Nepotvrzeno 475297.crdownload
2016-10-05 13:21 - 2016-10-05 13:21 - 02405376 _____ (Farbar) C:\Users\noreg\Desktop\FRST64.exe
2016-10-05 10:50 - 2016-10-05 10:50 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-10-05 10:49 - 2016-10-05 10:49 - 00000000 ____D C:\ProgramData\RogueKiller
2016-10-05 10:48 - 2016-10-05 10:49 - 18368240 _____ C:\Users\noreg\Downloads\RogueKiller.exe
2016-10-05 09:53 - 2016-10-05 09:53 - 00000000 ____D C:\Users\noreg\AppData\Local\ElevatedDiagnostics
2016-10-05 09:13 - 2016-10-05 09:13 - 00000000 ____D C:\Users\noreg\Documents\Vlastní šablony Office
2016-10-04 22:07 - 2016-10-05 10:00 - 00000600 _____ C:\Users\noreg\PUTTY.RND
2016-10-04 22:06 - 2016-10-05 09:59 - 00000000 ____D C:\Users\noreg\Downloads\u
2016-10-04 22:05 - 2016-10-04 22:06 - 02530153 _____ C:\Users\noreg\Downloads\u.zip
2016-10-04 17:43 - 2016-10-04 17:43 - 00020397 _____ C:\Users\noreg\Downloads\jizdy.csv
2016-10-04 09:45 - 2016-08-13 20:37 - 06481040 _____ (Krzysztof Kowalczyk) C:\Users\noreg\Downloads\SumatraPDF.exe
2016-10-04 03:45 - 2016-10-04 03:45 - 00000000 ____D C:\Users\noreg\AppData\Local\Viber
2016-09-30 05:23 - 2015-12-25 13:09 - 00000000 ____D C:\Users\noreg\Downloads\Osudy dobrého vojáka Švejka - kolekce 20 CD
2016-09-29 21:46 - 2016-09-29 21:46 - 00001548 _____ C:\Users\noreg\Desktop\SumatraPDF – zástupce (2).lnk
2016-09-29 21:41 - 2016-10-04 09:46 - 00000000 ____D C:\Program Files\SumatraPDF-3.1.2
2016-09-29 21:38 - 2016-09-29 21:38 - 00000000 ____D C:\Users\noreg\AppData\Roaming\WinRAR
2016-09-29 21:37 - 2016-09-29 21:37 - 00000000 ____D C:\Users\noreg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-29 21:37 - 2016-09-29 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-29 21:37 - 2016-09-29 21:37 - 00000000 ____D C:\Program Files\WinRAR
2016-09-29 21:24 - 2016-09-29 21:24 - 00003570 _____ C:\WINDOWS\System32\Tasks\{A2578FC4-51DB-4BC4-9315-311F65F22F98}
2016-09-28 20:10 - 2016-09-28 20:10 - 00000000 ____D C:\Users\noreg\Desktop\Sygic
2016-09-25 20:13 - 2016-09-29 21:35 - 02181456 _____ C:\Users\noreg\Downloads\winrar-x64-531cz.exe
2016-09-25 19:05 - 2016-09-25 19:07 - 03574226 _____ C:\Users\noreg\Downloads\SumatraPDF-3.1.2.zip
2016-09-25 18:31 - 2016-09-25 19:39 - 504014008 _____ C:\Users\noreg\Downloads\18-ti-leta-amaterka.mp4
2016-09-25 18:15 - 2016-09-25 18:31 - 88376400 _____ C:\Users\noreg\Downloads\Porno---Sexy-Teen-pana-deflorace.avi
2016-09-25 16:38 - 2016-09-25 16:38 - 00101629 _____ C:\Users\noreg\Downloads\deník 24hod2.xlsx
2016-09-25 16:09 - 2016-09-25 16:09 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2016-09-25 15:50 - 2016-09-25 15:50 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-09-25 14:21 - 2016-09-25 14:21 - 00002524 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-09-25 14:21 - 2016-09-25 14:21 - 00002518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-09-25 14:21 - 2016-09-25 14:21 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-09-25 14:21 - 2016-09-25 14:21 - 00002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-09-25 14:21 - 2016-09-25 14:21 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-09-25 14:21 - 2016-09-25 14:21 - 00002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-09-25 14:21 - 2016-09-25 14:21 - 00002412 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-09-25 13:57 - 2016-09-25 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-25 13:57 - 2016-09-25 13:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-25 13:56 - 2016-09-25 14:21 - 00000000 ____D C:\Program Files\Microsoft Office
2016-09-25 13:55 - 2016-09-25 13:55 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-09-25 13:35 - 2016-09-25 13:35 - 00003620 _____ C:\WINDOWS\System32\Tasks\PPI Update
2016-09-25 13:34 - 2016-09-25 14:39 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
2016-09-25 09:46 - 2016-09-25 09:46 - 00000000 ____D C:\Users\noreg\Downloads\HERE
2016-09-25 09:44 - 2016-09-25 09:44 - 01025536 ____R C:\Users\noreg\Downloads\Sygic PC maps DOWNLOADER - [HERE 2016.03].exe
2016-09-24 22:49 - 2016-09-24 22:49 - 00000000 ____D C:\Stažené soubory
2016-09-24 20:22 - 2016-09-24 23:08 - 00000000 ____D C:\Users\noreg\Downloads\Sygic
2016-09-24 15:58 - 2016-09-24 15:58 - 00000000 ____D C:\Users\noreg\AppData\Local\GHISLER
2016-09-24 09:52 - 2016-09-24 09:52 - 00003554 _____ C:\WINDOWS\System32\Tasks\ByteFence Scan
2016-09-24 09:52 - 2016-09-24 09:52 - 00000000 ____D C:\Users\noreg\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2016-09-24 09:28 - 2016-09-25 01:56 - 00000000 ____D C:\Users\noreg\Downloads\iGO Primo 9.6.29.636868 EU Here 2015 Q4
2016-09-24 09:20 - 2016-10-05 12:31 - 00000000 ____D C:\Users\noreg\AppData\LocalLow\BitTorrent
2016-09-24 09:19 - 2016-09-24 09:19 - 00000000 ____D C:\Users\noreg\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2016-09-24 09:18 - 2016-09-24 09:18 - 00002731 _____ C:\Users\noreg\Desktop\BitTorrent.lnk
2016-09-24 09:18 - 2016-09-24 09:18 - 00002731 _____ C:\Users\noreg\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-09-24 09:17 - 2016-10-05 13:33 - 00000000 ____D C:\Users\noreg\AppData\Roaming\BitTorrent
2016-09-24 08:51 - 2016-09-24 08:51 - 00002341 _____ C:\Users\noreg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-09-24 08:51 - 2016-09-24 08:51 - 00002333 _____ C:\Users\noreg\Desktop\Chromium.lnk
2016-09-24 08:50 - 2016-09-24 08:51 - 00000000 ____D C:\Users\noreg\AppData\Local\chromium
2016-09-24 08:50 - 2016-09-24 08:50 - 00003454 _____ C:\WINDOWS\System32\Tasks\ByteFence
2016-09-24 08:49 - 2016-10-04 08:49 - 00000000 ____D C:\ProgramData\{5D439820-D701-12E6-51C7-8CA4CB85076A}
2016-09-24 08:49 - 2016-09-26 13:22 - 00000000 ____D C:\Users\noreg\Documents\PROPCCleaner
2016-09-24 08:49 - 2016-09-26 13:11 - 00001010 _____ C:\WINDOWS\Tasks\Yahoo! Powered cefac.job
2016-09-24 08:49 - 2016-09-24 08:49 - 00004088 _____ C:\WINDOWS\System32\Tasks\Yahoo! Powered cefac
2016-09-24 08:49 - 2016-09-24 08:49 - 00002524 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-09-24 08:49 - 2016-09-24 08:49 - 00000356 __RSH C:\ProgramData\ntuser.pol
2016-09-24 08:49 - 2016-09-24 08:49 - 00000000 ____D C:\Users\noreg\AppData\Roaming\{345C02E7-110E-6F91-7A38-4843A6EAB57D}
2016-09-24 08:49 - 2016-09-24 08:49 - 00000000 ____D C:\Users\noreg\AppData\Local\PRO_PC_Cleaner
2016-09-24 08:48 - 2016-09-29 21:23 - 00000000 ____D C:\Users\noreg\AppData\Roaming\BitComet
2016-09-24 08:48 - 2016-09-24 08:51 - 00000000 ____D C:\Users\noreg\AppData\Local\{3401025D-10A9-6EE5-7D31-4B0D5959B795}
2016-09-21 16:17 - 2016-09-25 20:36 - 00000000 ____D C:\Users\noreg\Desktop\Nová složka
2016-09-21 16:15 - 2016-09-10 23:00 - 1383543403 ____N C:\Users\noreg\Desktop\Proin-aliquet-at-metus-a-lobortis.7z
2016-09-19 22:27 - 2016-09-19 22:44 - 00000000 ____D C:\totalcmd
2016-09-19 22:27 - 2016-09-19 22:27 - 00000676 _____ C:\Users\Public\Desktop\Total Commander.lnk
2016-09-19 22:27 - 2016-09-19 22:27 - 00000000 ____D C:\Users\noreg\AppData\Roaming\GHISLER
2016-09-19 22:27 - 2016-09-19 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2016-09-19 22:27 - 2015-09-17 08:52 - 00000545 _____ C:\WINDOWS\UC.PIF
2016-09-19 22:27 - 2015-09-17 08:52 - 00000545 _____ C:\WINDOWS\RAR.PIF
2016-09-19 22:27 - 2015-09-17 08:52 - 00000545 _____ C:\WINDOWS\PKZIP.PIF
2016-09-19 22:27 - 2015-09-17 08:52 - 00000545 _____ C:\WINDOWS\PKUNZIP.PIF
2016-09-19 22:27 - 2015-09-17 08:52 - 00000545 _____ C:\WINDOWS\LHA.PIF
2016-09-19 22:27 - 2015-09-17 08:52 - 00000545 _____ C:\WINDOWS\ARJ.PIF
2016-09-19 04:43 - 2016-09-19 21:14 - 00000000 ____D C:\Users\noreg\Desktop\TempVideoFile
2016-09-18 14:38 - 2016-09-18 14:45 - 97985847 _____ C:\Users\noreg\Downloads\Skin_iGO_Nextgen_by_pongo+ux_plugins_2016_09_14.7z
2016-09-17 23:40 - 2016-09-17 23:40 - 00011825 _____ C:\Users\noreg\Desktop\dispecer.ods
2016-09-16 05:51 - 2016-10-03 09:32 - 00000000 ____D C:\Users\noreg\Documents\ViberDownloads
2016-09-16 05:48 - 2016-09-16 05:48 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
2016-09-15 19:31 - 2016-09-15 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoSHAREit
2016-09-15 19:28 - 2016-09-15 19:29 - 05181640 _____ (Lenovo ) C:\Users\noreg\Downloads\SHAREitLENOVOSUPPORT.exe
2016-09-15 12:09 - 2016-09-15 12:09 - 00639728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00394504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00334616 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00271112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00244504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00089328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00085744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2016-09-13 20:31 - 2016-09-25 19:19 - 00000000 ____D C:\Users\noreg\Desktop\sds
2016-09-13 18:14 - 2016-09-13 18:14 - 00257872 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2016-09-13 11:19 - 2016-09-24 17:13 - 00000000 ____D C:\Users\noreg\Desktop\igo
2016-09-13 09:26 - 2016-09-13 10:58 - 1701451239 _____ C:\Users\noreg\Downloads\iGO-Primo-9.6.29.636868-EU-Here-2015-Q4.rar
2016-09-13 03:16 - 2016-10-05 12:31 - 00000000 ____D C:\Users\noreg\AppData\Roaming\ViberPC
2016-09-13 03:16 - 2016-09-13 03:16 - 00001036 _____ C:\Users\noreg\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2016-09-13 03:16 - 2016-09-13 03:16 - 00001034 _____ C:\Users\noreg\Desktop\Viber.lnk
2016-09-13 03:16 - 2016-09-13 03:16 - 00000000 ____D C:\Users\noreg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2016-09-13 03:15 - 2016-09-13 03:15 - 00000000 ____D C:\Users\noreg\AppData\Local\Package Cache
2016-09-12 16:58 - 2016-09-12 19:44 - 1848748154 _____ C:\Users\noreg\Downloads\iGo-Here-2016-Q2-EU.rar
2016-09-07 12:35 - 2016-09-07 12:36 - 00000000 ____D C:\Users\noreg\AppData\Roaming\PDFescape Desktop
2016-09-07 12:34 - 2016-09-07 12:34 - 00000000 ____D C:\ProgramData\PDFescape Desktop
2016-09-05 09:37 - 2016-09-05 09:37 - 00000871 _____ C:\Users\noreg\Desktop\RAALTRANS Editor 8.520.lnk
2016-09-05 09:37 - 2016-09-05 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAALTRANS 8.520

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-05 13:03 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-05 12:38 - 2016-08-29 20:39 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-10-05 12:38 - 2016-07-17 00:25 - 00456142 _____ C:\WINDOWS\system32\perfh005.dat
2016-10-05 12:38 - 2016-07-17 00:25 - 00083348 _____ C:\WINDOWS\system32\perfc005.dat
2016-10-05 12:38 - 2015-11-03 21:28 - 01472216 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-05 12:34 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2016-10-05 12:32 - 2016-07-16 19:18 - 00000000 ____D C:\Users\noreg\AppData\Roaming\Skype
2016-10-05 12:30 - 2016-08-29 20:21 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-10-05 12:30 - 2016-06-27 16:01 - 00000000 __SHD C:\Users\noreg\IntelGraphicsProfiles
2016-10-05 12:29 - 2016-08-29 20:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-05 12:29 - 2016-08-29 20:21 - 00000000 ____D C:\ProgramData\Synaptics
2016-10-05 12:27 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-10-05 12:26 - 2016-08-29 20:25 - 00000000 ____D C:\Users\noreg
2016-10-05 06:57 - 2016-08-29 20:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-10-04 09:06 - 2016-08-26 20:45 - 00000000 ____D C:\Users\noreg\Desktop\SIEN autodoprava
2016-10-04 04:01 - 2016-08-28 08:51 - 00000000 ____D C:\Users\noreg\Desktop\filmy
2016-10-03 23:16 - 2016-07-12 01:58 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-03 23:16 - 2016-07-12 01:58 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-26 13:11 - 2016-08-29 20:16 - 00400480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-25 16:41 - 2016-06-27 16:01 - 00000000 ____D C:\Users\noreg\AppData\Local\Packages
2016-09-25 15:51 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-25 15:50 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-24 18:32 - 2016-08-25 05:30 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-09-24 08:49 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-09-24 08:49 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-09-24 08:28 - 2016-08-29 20:39 - 00004020 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1472096052
2016-09-24 08:28 - 2016-08-25 05:34 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-24 04:04 - 2016-07-16 19:18 - 00000000 ____D C:\ProgramData\Skype
2016-09-23 04:46 - 2016-03-08 21:35 - 00000000 ____D C:\ProgramData\CyberLink
2016-09-16 06:01 - 2016-08-29 21:10 - 00000000 ____D C:\Windows.old
2016-09-16 05:55 - 2016-08-25 05:30 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-09-15 19:31 - 2016-08-22 16:04 - 00001186 _____ C:\Users\Public\Desktop\SHAREit.lnk
2016-09-15 19:31 - 2016-03-08 21:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-09-07 06:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-09-07 05:09 - 2016-07-11 10:11 - 00000000 ____D C:\RAAL
2016-09-07 04:11 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-07 03:36 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-06 22:13 - 2015-11-03 21:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-05 10:24 - 2016-07-17 00:30 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-09-05 10:24 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-09-05 10:24 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-09-05 10:24 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-09-05 10:24 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-09-05 10:24 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-09-05 10:24 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-09-05 10:24 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-09-05 10:24 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-09-05 10:24 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-09-05 10:24 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-09-05 10:24 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

==================== Files in the root of some directories =======

2016-08-29 20:21 - 2016-08-29 20:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\noreg\AppData\Local\Temp\dllnt_dump.dll
C:\Users\noreg\AppData\Local\Temp\genteert.dll
C:\Users\noreg\AppData\Local\Temp\ru4_ayya.dll
C:\Users\noreg\AppData\Local\Temp\{3A324569-24F7-4BFC-8B22-83607F2704E9}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Yahoo! Powered cefac.job => Wscript.exe C:\ProgramData\{5D439820-D701-12E6-51C7-8CA4CB85076A}\leri.txt <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\noreg\Desktop" je 181149 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

==================== End Of Log ==============================

ahoj,
uprac si plochu Velikost slozky "C:\Users\noreg\Desktop" je 181149 MB.
+
vycisti PC s ADWCleanerom

Z plochy jsem presunul velke slozky s film na C:

Procistil jsem ADWCleanerom

Zatim se vysledku nedosahlo, stale se nelze prihlasit. Posledni instalovany program,ktery by to mohl mit na svedomi je asi "ultrasurf"

vycisti PC s MBAM

procisteno MBAM

propblem pretrvava, bude to nekde asi v nastaveni WiFi, neexistuje nejaky reset do zakladniho nastaveni WiFi?
nemam tuseni co to mohlo zpusobit, cim to muze byt, ani kde hledat.

Vloz oba logy FRST, zajtra pozriem

tak jsem se do toho polozil trochu hloubeji. projel jsem to dukladne antivirem,vyhazel vse nepotrebne, a taky se podival na sitova zarizeni. Ceho jsem si mvsiml, tak na Wireles, je v Vlastnosti Udalosti zmena v tom, ze zarizeni bylo asi pri instalaci MIGROVANO

Device PCI\VEN_8086&DEV_3166&SUBSYS_42108086&REV_99\4&211612db&0&00E5 was migrated.
Last Device Instance Id: PCI\VEN_8086&DEV_3166&SUBSYS_42108086&REV_99\4&211612db&0&00E5
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Location Path:
Migration Rank: 0x0
Present: true

, a ted je NEMIGROVANO

Device PCI\VEN_8086&DEV_3166&SUBSYS_42108086&REV_99\4&211612db&0&00E5 could not be migrated.
Last Device Instance Id: SWD\IP_TUNNEL_VBUS\6TO4_ADAPTER
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Location Path:
Migration Rank: 0xF000FFFFFFFFF112
Present: false
Status: 0xC0000719

nevim, jestli to ma nejaky vliv, zkusil jsem to pomoci WIN napovedy resetovat, ale nepomohlo to.

jeste ty logy, skleroza, spis klik mysi byl rychlejsi nez myslenky"odeslat"

tak jeste se v tom rypu, zkousel jsem zapnout hotspot na mobilu, a ten se v poho pripoji a jede, v tom pripade mi nejedou jen verejne otevrene site. tak ovladacem to nebude, tak na to predchozi zapomen, musi to byt nekde v nastaveni verejnych ,otevrenych sit, nebo neco podobneho.

citat:
Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >>

Kód: Vybrat vše

Start

R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 rtop; "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" [X]
C:\Users\noreg\AppData\Local\Temp\dllnt_dump.dll
C:\Users\noreg\AppData\Local\Temp\genteert.dll
C:\Users\noreg\AppData\Local\Temp\ru4_ayya.dll
C:\Users\noreg\AppData\Local\Temp\{3A324569-24F7-4BFC-8B22-83607F2704E9}.exe




EmptyTemp:
Reboot:
End

•Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

+
tu plochu si neupratal

+
po akcii log FRST

VIRY.CZ

NB nelze se pripojit k WiFi

NB nelze se pripojit k WiFi

Re: NB nelze se pripojit k WiFi

Re: NB nelze se pripojit k WiFi

Re: NB nelze se pripojit k WiFi

Re: NB nelze se pripojit k WiFi

Re: NB nelze se pripojit k WiFi

Re: NB nelze se pripojit k WiFi

Re: NB nelze se pripojit k WiFi

Re: NB nelze se pripojit k WiFi